libeufin

Integration and sandbox testing for FinTech APIs and data formats

commit cbdb013d76bf404930055eabc85165a870318a3a
parent 07f6ac8554b92194acf1d8a9ac1e00d31c83c1e5
Author: Antoine A <>
Date:   Tue,  6 Feb 2024 15:00:32 +0100

More payto uri check on account creation

Diffstat:
Mbank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt | 10++++++++++
Mbank/src/test/kotlin/CoreBankApiTest.kt | 9+++++++++
Mbank/src/test/kotlin/PaytoTest.kt | 20+++++++++++++++++++-
3 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt b/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt @@ -188,6 +188,8 @@ suspend fun createAccount( when (cfg.wireMethod) { WireMethod.IBAN -> { + if (req.payto_uri != null && !(req.payto_uri is IbanPayto)) + throw badRequest("Expected an IBAN payto uri") var retry = if (req.payto_uri == null) IBAN_ALLOCATION_RETRY_COUNTER else 0 while (true) { @@ -217,7 +219,15 @@ suspend fun createAccount( } } WireMethod.X_TALER_BANK -> { + if (req.payto_uri != null) { + if (!(req.payto_uri is XTalerBankPayto)) + throw badRequest("Expected an IBAN payto uri") + else if (req.payto_uri.username != req.username) + throw badRequest("Expected a payto uri for '${req.username}' got one for 'req.payto_uri.username'") + } + val internalPayto = XTalerBankPayto.forUsername(req.username) + val res = db.account.create( login = req.username, name = req.name, diff --git a/bank/src/test/kotlin/CoreBankApiTest.kt b/bank/src/test/kotlin/CoreBankApiTest.kt @@ -296,6 +296,15 @@ class CoreBankAccountsApiTest { client.get("/accounts/bar") { pwAuth("admin") }.assertNotFound(TalerErrorCode.BANK_UNKNOWN_ACCOUNT) + // Testing bad payto kind + client.post("/accounts") { + json(req) { + "username" to "bar" + "password" to "bar-password" + "name" to "Mr Bar" + "payto_uri" to "payto://x-taler-bank/bank.hostname.test/bar" + } + }.assertBadRequest() // Check cashout payto receiver name logic client.post("/accounts") { diff --git a/bank/src/test/kotlin/PaytoTest.kt b/bank/src/test/kotlin/PaytoTest.kt @@ -45,7 +45,7 @@ class PaytoTest { assertEquals("payto://x-taler-bank/bank.hostname.test/john?receiver-name=John", it.internal_payto_uri) } - // Check payto_uri is ignored + // Bad IBAN payto client.post("/accounts") { json { "username" to "foo" 
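Review bot: The negated type test added in the IBAN branch, `!(req.payto_uri is IbanPayto)`, reads more directly with Kotlin's `!is` operator: `if (req.payto_uri != null && req.payto_uri !is IbanPayto)`. The X_TALER_BANK branch in the next hunk uses the same `!(req.payto_uri is XTalerBankPayto)` form and can be changed the same way. createAccount starts and ends outside both hunks, so this is based only on the lines shown.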
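Review bot: Both error messages added in the X_TALER_BANK branch are wrong as written. The first rejects a value that is not an `XTalerBankPayto` with "Expected an IBAN payto uri", which looks copied from the IBAN branch; `throw badRequest("Expected an x-taler-bank payto uri")` would match the check. The second leaves `req.payto_uri.username` outside a string template, so the client receives that literal text instead of the offending name; the tail should read `got one for '${req.payto_uri.username}'`. This check is what ties a supplied payto to the account being created, so the rejection message should identify the mismatch accurately.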
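Review bot: The new "Testing bad payto kind" case in CoreBankApiTest.kt ends in a bare `.assertBadRequest()`, so it passes on any 400 response, not only on the payto-kind rejection this commit adds. The assertion just above it pins a reason with `assertNotFound(TalerErrorCode.BANK_UNKNOWN_ACCOUNT)`; if the bad-request helper can check an error code or the returned text in the same way (not visible here), doing so would make the test fail when the request is rejected for some other reason. The two `.assertBadRequest()` cases added in PaytoTest.kt share this weakness, and as written none of them would catch the wrong "Expected an IBAN payto uri" text in the X_TALER_BANK branch. Until then a comment such as `// NOTE: only checks for 400, not which payto check rejected the request` would make the limit explicit.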
@@ -53,6 +53,24 @@ class PaytoTest {
 "name" to "Jane"
 "payto_uri" to IbanPayto.rand()
 }
+ }.assertBadRequest()
+ // Bad payto username
+ client.post("/accounts") {
+ json {
+ "username" to "foo"
+ "password" to "foo-password"
+ "name" to "Jane"
+ "payto_uri" to "payto://x-taler-bank/bank.hostname.test/not-foo"
+ }
+ }.assertBadRequest()
+ // Check Ok
+ client.post("/accounts") {
+ json {
+ "username" to "foo"
+ "password" to "foo-password"
+ "name" to "Jane"
+ "payto_uri" to "payto://x-taler-bank/bank.hostname.test/foo"
+ }
 }.assertOkJson<RegisterAccountResponse> {
 assertEquals("payto://x-taler-bank/bank.hostname.test/foo?receiver-name=Jane", it.internal_payto_uri)
 }
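Review bot: The added cases cover a wrong payto kind and a wrong username, but none sends an x-taler-bank payto that has the right username and a different hostname. As far as the diff shows, the new check in createAccount compares only `req.payto_uri.username` with `req.username`; whether a foreign hostname is rejected when the payto is parsed is not visible here. A further case such as `"payto_uri" to "payto://x-taler-bank/other.hostname.test/foo"` (hostname constructed for illustration), with the intended outcome asserted, would document whether the bank accepts, rewrites or refuses such a value. The enclosing test function starts outside the hunk.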